A key distribution method for object-based protection
Source
Conference on Computer and Communications Security
Proceedings of the 2nd ACM Conference on Computer and communications security
Fairfax, Virginia, United States
Pages: 193 - 197
Year of Publication: 1994
ISBN: 0-89791-732-4
ABSTRACT
In any scheme for protecting the confidentiality of data, selecting a key and encrypting the data is the easy part. The difficult part is controlling access to decryption keys. This becomes particularly significant with object-based protection, that is protection of an object, such as a file or a message, regardless of where the object is currently being stored or transferred within a distributed environment. An example of object-based protection is traditional electronic mail encryption, where access control amounts to selecting a list of individuals permitted to decrypt a message and attaching copies of the symmetric encryption key, encrypted using their public keys, to the encrypted message content. We present a different means of controlling access to decryption keys which can support more flexible access control rules and can better reflect security policy. It is particularly suitable for use in such data distribution environments as public file servers, bulletin boards, commercial information dissemination services, and groupware applications. Because all participants need to trust central servers, the method is less suitable for loosely-connected groups than for medium to large commercial or government organizations.
CITED BY
Rakesh Bobba, Himanshu Khurana, Musab AlTurki, Farhana Ashraf, PBES: a policy based encryption system with application to data sharing in the power grid, Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, March 10-12, 2009, Sydney, Australia